From 93b1555939ac2329e187c3f1e958848e332fd7d0 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik <sergii@pisem.net> Date: Mon, 9 Dec 2013 12:38:20 +0100 Subject: [PATCH] bugfix: incorrect buffer sizes for net_store_length() --- sql/log_event.cc | 10 +++++----- sql/log_event_old.cc | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/sql/log_event.cc b/sql/log_event.cc index a00a67c653..6b193cdb08 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -9305,7 +9305,7 @@ int Rows_log_event::get_data_size() { int const general_type_code= get_general_type_code(); - uchar buf[sizeof(m_width) + 1]; + uchar buf[MAX_INT_WIDTH]; uchar *end= net_store_length(buf, m_width); DBUG_EXECUTE_IF("old_row_based_repl_4_byte_map_id_master", @@ -9918,7 +9918,7 @@ bool Rows_log_event::write_data_body(IO_CACHE*file) Note that this should be the number of *bits*, not the number of bytes. */ - uchar sbuf[sizeof(m_width) + 1]; + uchar sbuf[MAX_INT_WIDTH]; my_ptrdiff_t const data_size= m_rows_cur - m_rows_buf; bool res= false; uchar *const sbuf_end= net_store_length(sbuf, (size_t) m_width); @@ -10223,7 +10223,7 @@ Table_map_log_event::Table_map_log_event(THD *thd, TABLE *tbl, ulong tid, m_null_bits(0), m_meta_memory(NULL) { - uchar cbuf[sizeof(m_colcnt) + 1]; + uchar cbuf[MAX_INT_WIDTH]; uchar *cbuf_end; DBUG_ASSERT(m_table_id != ~0UL); /* @@ -10772,14 +10772,14 @@ bool Table_map_log_event::write_data_body(IO_CACHE *file) uchar const dbuf[]= { (uchar) m_dblen }; uchar const tbuf[]= { (uchar) m_tbllen }; - uchar cbuf[sizeof(m_colcnt) + 1]; + uchar cbuf[MAX_INT_WIDTH]; uchar *const cbuf_end= net_store_length(cbuf, (size_t) m_colcnt); DBUG_ASSERT(static_cast<size_t>(cbuf_end - cbuf) <= sizeof(cbuf)); /* Store the size of the field metadata. */ - uchar mbuf[sizeof(m_field_metadata_size)]; + uchar mbuf[MAX_INT_WIDTH]; uchar *const mbuf_end= net_store_length(mbuf, m_field_metadata_size); return (wrapper_my_b_safe_write(file, dbuf, sizeof(dbuf)) || diff --git a/sql/log_event_old.cc b/sql/log_event_old.cc index 211768150a..5372cdc47b 100644 --- a/sql/log_event_old.cc +++ b/sql/log_event_old.cc @@ -1366,7 +1366,7 @@ Old_rows_log_event::~Old_rows_log_event() int Old_rows_log_event::get_data_size() { - uchar buf[sizeof(m_width)+1]; + uchar buf[MAX_INT_WIDTH]; uchar *end= net_store_length(buf, (m_width + 7) / 8); DBUG_EXECUTE_IF("old_row_based_repl_4_byte_map_id_master", @@ -1876,7 +1876,7 @@ bool Old_rows_log_event::write_data_body(IO_CACHE*file) Note that this should be the number of *bits*, not the number of bytes. */ - uchar sbuf[sizeof(m_width)]; + uchar sbuf[MAX_INT_WIDTH]; my_ptrdiff_t const data_size= m_rows_cur - m_rows_buf; // This method should not be reached. -- 2.30.9